our CERTIFICATIONS
Let's stay protected
Learn how we protect ourselves and our clients to ensure we all stay safe
Compliance Certifications
Cloud Provider Certifications
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates protecting the privacy and security of health information.
Gryphon can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with Gryphon.
POLICIES
Data Security
Data Retention and Disposal
Gryphon only retains personal data for the purpose of delivering services pursuant to client agreements and complying with all applicable laws and regulations. Personal data is disposed of when no longer required to meet contractual or legal obligations.
Network and Infrastructure Security
Infrastructure Security
Gryphon infrastructure is deployed using best practices for hardening systems, including vulnerability scanning, security patching, secure coding practices, CIS standards for password strength and rotation, role-based access control, and removal of all default, shared, and/or unnecessary administrative and privileged service accounts. Access to all Gryphon infrastructure requires the use of an encrypted VPN with multi-factor authentication.
Product and Application Security
Access Control
Gryphon employs Role-Based Access Control (RBAC) for all information and IT assets across the company. Access levels are granted based on job responsibilities using the principle of least privilege, with access modified or revoked as needed when an employee's job responsibilities change. Entitlements are directory-managed, and reviews are conducted on a recurring basis. CIS Standards are applied to password strength and rotation requirements, and multi-factor authentication is in place where supported.
Corporate Security
Mobile Device Management
Gryphon utilizes enterprise mobile device management (MDM) solutions that enforce endpoint protection policies, local drive encryption, password strength and rotation requirements, idle-time screen lock, and remote wipe capabilities on all employee workstations. Gryphon does not allow access to product infrastructure via mobile phones.
Reports
Penetration Test Report
Gryphon employs third-party security vendors to perform security, vulnerability, and penetration testing for our products. Scans are performed in accordance with compliance requirements, and findings are remediated according to their severity and impact. An Executive Summary of our most recent external penetration test may be requested by emailing Trust@gryphon.ai (NDA required).
Legal
Privacy Policy
Visit gryphon.ai to view Gryphon's Comprehensive Privacy Policy.